Cryptocurrency has become a popular banking method for players and operators alike in the world of online casinos. However, beyond the benefits of anonymity and fast transactions, cryptocurrency also carries the risk of cyberattacks. Unfortunately, this is exactly what happened in September when Stake.com, a leading crypto casino, fell victim to a security breach in their ETH/BSC hot wallets, resulting in unauthorized transactions amounting to more than $41 million.
What is a Hot Wallet and How Does it Work?
A hot wallet is a cryptocurrency wallet that maintains a constant connection to the internet and the cryptocurrency network. Whether you acquire cryptocurrency through mining or purchase, a wallet is essential for conducting transactions and monitoring your digital assets. These wallets store the private keys necessary for cryptocurrency ownership. Unlike cold wallets, which store these keys offline for added security, hot wallets remain online, allowing for faster transactions and rendering them susceptible to cyberattacks. Experts recommend keeping a small portion of your cryptocurrency assets in a hot wallet while securing the majority in a cold wallet or even on an exchange. However, in the case of a widely popular casino like Stake.com, the hackers managed to breach enough hot wallets, leading to the attack.
What Happened at Stake.com?
Concerns regarding potential fraudulent activities targeting the cryptocurrency casino arose as early as July 2023. During this period, GitHub issued a warning indicating that the Lazarus hacker group from North Korea had initiated the creation of fake accounts on their platforms, specifically to target employees of online gambling companies through malware and social engineering tactics.
While the risk mitigation teams at Stake.com were vigilant, they could not prevent the impending attack. Given the strategic and rapid nature of the assault, experts speculate that the compromise of Stake’s hot wallet private keys is highly probable. However, no official confirmation has been provided as of yet.
The initial attack by the Lazarus group focused on the Ethereum Network, resulting in the extraction of 6001 ETH, 3.9 million $USDT, 1.1 million $USDC, and 900,000 $DAI, resulting in losses exceeding $15.7 million for Stake.com. The subsequent attack targeted the Binance Smart Chain and Polygon, resulting in an additional $25.6 million loss.
With a total loss of approximately $41.3 million, as reported by Bleepingcomputer.com, this incident ranks as one of the most financially significant cryptocurrency attacks of 2023, leaving a lasting impact in its wake.
Official FBI Report Confirms Lazarus Group is Behind the Stake.com Attack
It didn’t take long for the Federal Bureau of Investigations to confirm the rumors that the Lazarus Group was responsible for the $41 million theft. An official report dated September 6, 2023 ( just 2 days after the attack), that DPRK cyber actors (known as members of the North-Korean Lazarus Group) movie funds associated with the Stake.com attack into several virtual currency addresses.
Furthermore, the FBI had previously informed the public regarding DPRK’s attacks on Sky MAvis’s Ronin Bridge and Harmony’s Horizon Bridge. On top of these actions, the OFAC (Department of Treasury’s Office of Foreign Assets Control) sanctioned Lazarus Group in 2019.
However, this was not enough to stop the North Koreans from bringing their plan to fruition. Therefore, the FBI advises all private sector entities to review the Cyber Security Advisory on TraderTraitor and examine all blockchain data associated with the virtual currency addresses used in the Stake.com attack.
Final Thoughts and Implications for Crypto Gambling
While the Stake.com attack is definitely not the last to occur, it raises considerable concerns for the entire crypto-gambling industry. Trustworthiness and anonymity are the main benefits offered by the decentralized payment methods, and they’re both put to the test by such incidents.
Players weary of using cryptocurrency for gambling will now avoid this method altogether. The result is an obvious spike in traditional payment methods used at online casinos and bookmakers. However, those come with their own vulnerabilities and security risks, too. There’s a need for improved security protocols and anti-fraud practices throughout the industry. Companies could consider regular security audits, implementing multi-signature hot wallets, and constantly changing their keys to prevent similar attacks from happening.
ALSO READ: 10 Best Apps for Cryptocurrency in India
